package org.wildfly.security.sasl.scram;

import javax.security.auth.callback.CallbackHandler;
import javax.security.sasl.SaslException;
import org.wildfly.common.Assert;
import org.wildfly.security._private.ElytronMessages;
import org.wildfly.security.auth.callback.ChannelBindingCallback;
import org.wildfly.security.mechanism.AuthenticationMechanismException;
import org.wildfly.security.mechanism.scram.ScramFinalServerMessage;
import org.wildfly.security.mechanism.scram.ScramInitialClientMessage;
import org.wildfly.security.mechanism.scram.ScramInitialServerResult;
import org.wildfly.security.mechanism.scram.ScramServer;
import org.wildfly.security.mechanism.scram.ScramServerException;
import org.wildfly.security.sasl.util.AbstractSaslServer;

/* loaded from: input_file:m2repo/org/wildfly/security/wildfly-elytron/1.7.0.Final/wildfly-elytron-1.7.0.Final.jar:org/wildfly/security/sasl/scram/ScramSaslServer.class */
final class ScramSaslServer extends AbstractSaslServer {
    private static final int S_NO_MESSAGE = 1;
    private static final int S_FIRST_MESSAGE = 2;
    private static final int S_FINAL_MESSAGE = 3;
    private final ScramServer scramServer;
    private final ChannelBindingCallback bindingCallback;
    private String authorizationId;
    private ScramInitialServerResult initialServerResult;
    private ScramInitialClientMessage initialClientMessage;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ScramSaslServer(String str, String str2, String str3, CallbackHandler callbackHandler, ScramServer scramServer, ChannelBindingCallback channelBindingCallback) {
        super(str, str2, str3, callbackHandler, ElytronMessages.saslScram);
        this.scramServer = scramServer;
        this.bindingCallback = channelBindingCallback;
        setNegotiationState(1);
    }

    public String getAuthorizationID() {
        return this.authorizationId;
    }

    @Override // org.wildfly.security.sasl.util.AbstractSaslParticipant
    protected byte[] evaluateMessage(int i, byte[] bArr) throws SaslException {
        try {
            try {
                switch (i) {
                    case -1:
                        throw ElytronMessages.saslScram.mechAuthenticationFailed().toSaslException();
                    case 0:
                        if (bArr != null && bArr.length != 0) {
                            throw ElytronMessages.saslScram.mechClientSentExtraMessage().toSaslException();
                        }
                        if (1 == 0) {
                            setNegotiationState(-1);
                        }
                        return null;
                    case 1:
                        if (bArr == null || bArr.length == 0) {
                            setNegotiationState(2);
                            byte[] bArr2 = NO_BYTES;
                            if (1 == 0) {
                                setNegotiationState(-1);
                            }
                            return bArr2;
                        }
                        break;
                    case 2:
                        break;
                    case 3:
                        ScramFinalServerMessage evaluateFinalClientMessage = this.scramServer.evaluateFinalClientMessage(this.initialServerResult, this.scramServer.parseFinalClientMessage(this.initialClientMessage, this.initialServerResult, bArr));
                        setNegotiationState(0);
                        byte[] messageBytes = evaluateFinalClientMessage.getMessageBytes();
                        if (1 == 0) {
                            setNegotiationState(-1);
                        }
                        return messageBytes;
                    default:
                        throw Assert.impossibleSwitchCase(i);
                }
                if (bArr == null || bArr.length == 0) {
                    throw ElytronMessages.saslScram.mechClientRefusesToInitiateAuthentication().toSaslException();
                }
                ScramInitialClientMessage parseInitialClientMessage = this.scramServer.parseInitialClientMessage(this.bindingCallback, bArr);
                ScramInitialServerResult evaluateInitialResponse = this.scramServer.evaluateInitialResponse(parseInitialClientMessage);
                this.initialClientMessage = parseInitialClientMessage;
                this.initialServerResult = evaluateInitialResponse;
                String authorizationId = parseInitialClientMessage.getAuthorizationId();
                this.authorizationId = authorizationId == null ? parseInitialClientMessage.getAuthenticationName() : authorizationId;
                setNegotiationState(3);
                byte[] messageBytes2 = evaluateInitialResponse.getScramInitialChallenge().getMessageBytes();
                if (1 == 0) {
                    setNegotiationState(-1);
                }
                return messageBytes2;
            } catch (ScramServerException e) {
                setNegotiationState(-1);
                if (ElytronMessages.saslScram.isDebugEnabled()) {
                    ElytronMessages.saslScram.debugf(e, "[%s] error when evaluating message from client during state [%s]: %s", getMechanismName(), Integer.valueOf(i), e.getError().getText());
                }
                byte[] messageBytes3 = e.getError().getMessageBytes();
                if (0 == 0) {
                    setNegotiationState(-1);
                }
                return messageBytes3;
            } catch (AuthenticationMechanismException e2) {
                throw e2.toSaslException();
            }
        } catch (Throwable th) {
            if (0 == 0) {
                setNegotiationState(-1);
            }
            throw th;
        }
    }

    @Override // org.wildfly.security.sasl.util.AbstractSaslParticipant
    public void dispose() throws SaslException {
        this.initialServerResult = null;
        this.initialClientMessage = null;
        setNegotiationState(-1);
    }
}
